Azure Windows VM does not enable encryption
Description
Enabling encryption for your Azure Windows virtual machine (VM) can help improve the security of your VM and its data. Encryption helps protect data by encoding it in such a way that it can only be accessed by authorized users.
Code Example
go
resource "azurerm_windows_virtual_machine" "pass" {
name = "example-machine"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
size = "Standard_F2"
admin_username = "adminuser"
admin_password = "P@$$w0rd1234!"
network_interface_ids = [
azurerm_network_interface.example.id,
]
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "2016-Datacenter"
version = "latest"
}
encryption_at_host_enabled=true
}Remediation
Terraform
- Resource: azurerm_windows_virtual_machine
- Arguments: encryption_at_host_enabled
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0658 |
| Severity | LOW |
| IaC Type | arm |
| Frameworks | Terraform |
| Checkov ID | CKV_AZURE_151 |